[146] in linux-security and linux-alert archive
Re: Closing suid root holes
daemon@ATHENA.MIT.EDU (alex)
Mon Mar 13 12:14:10 1995
Date: Mon, 13 Mar 1995 03:12:40 -0500 (EST)
From: alex <alex@bach.cis.temple.edu>
To: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199503130630.WAA09589@dandelion.com>
Reply-To: linux-security@tarsier.cv.nrao.edu
> You must be a bit out of date. I've been running the following on Linux for
> quite some time:
>
> /dev/sda1 / ext2 defaults 1 1
> /dev/sda4 /u ext2 nosuid,nodev 1 2
> /dev/sda2 swap swap defaults
> none /proc proc defaults
> /dev/sr0 /cd1 iso9660 user,noauto,ro,noexec,nosuid,nodev,unhide
> /dev/sr1 /cd2 iso9660 user,noauto,ro,noexec,nosuid,nodev,unhide
>
> It's already available...
In that case 90% of setuid holes can be closed. Just maintain the list of
setuid programs on your setuid-able partition (cron job).
=============================================================================
CIS Laboratories email: alex@bach.cis.temple.edu
TEMPLE UNIVERSITY ayuriev@yoda.cis.temple.edu
USA Tel: 1-800-DEV-NULL
=============================================================================
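
The cron job suggested above, sketched as an added example that is not part of the original message: it lists the setuid/setgid files on one filesystem and diffs them against a stored baseline. The function names, the NEW/MISSING report format and the baseline file are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration: inventory of setuid/setgid files on one filesystem,
# compared with a reviewed baseline. Names and report format are assumptions.

# Print every setuid or setgid regular file under $1, one path per line.
# -xdev keeps find on the filesystem that holds $1, so partitions mounted
# nosuid (such as /u in the quoted fstab) are not descended into.
list_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# Compare the current inventory of $1 with the baseline file $2.
# Prints "NEW     path" for files absent from the baseline and
# "MISSING path" for baseline entries that are gone or no longer setuid/setgid.
# Returns 0 if identical, 1 if anything differs, 2 on setup errors.
audit_suid() {
    root=$1; baseline=$2
    [ -r "$baseline" ] || { echo "cannot read baseline: $baseline" >&2; return 2; }
    tmp=$(mktemp -d) || return 2
    list_suid "$root" > "$tmp/now"
    LC_ALL=C sort -u "$baseline" > "$tmp/base"
    {
        LC_ALL=C comm -13 "$tmp/base" "$tmp/now" | sed 's/^/NEW     /'
        LC_ALL=C comm -23 "$tmp/base" "$tmp/now" | sed 's/^/MISSING /'
    } > "$tmp/report"
    cat "$tmp/report"
    if [ -s "$tmp/report" ]; then rc=1; else rc=0; fi
    rm -rf "$tmp"
    return "$rc"
}

# Stand-alone use: audit.sh <mount point> <baseline file>
# cron mails any output, so a non-empty report reaches the administrator.
if [ "$#" -eq 2 ]; then
    audit_suid "$1" "$2"
fi
```

Build the baseline once from `list_suid` output after reviewing each entry, and store it where unprivileged users cannot write. The comparison tracks paths only, so a replaced binary at a known path needs a separate checksum check.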